<?php
	/**
	* Jul 4, Trungdt - add support for the "approved" property.
	*                  This property lets a normal user upload a file to the server, but an Admin must confirm (approve) the file.
	*/
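	// Upload endpoint for the file manager: receives one file in the 'Filedata' form field,
	// stores it under files/[collection name]/ and records it in the 'file' table.
	// Output contract (as visible below): "-1 <message>" via die() on a fatal problem, the new
	// file id for the ajax uploader (save_session set), a redirect to the picker otherwise,
	// or the output of exponent_http_error(403) when the caller may not upload.

	set_time_limit(60); // limit to 60 seconds
	// NOTE(review): max_input_time and upload_max_filesize are PHP_INI_PERDIR settings, so these
	// two ini_set() calls cannot change them at runtime (and the request body has already been
	// received by the time this script runs). The effective upload limits have to be set in
	// php.ini / .htaccess / .user.ini, together with post_max_size.
	ini_set("max_input_time",740);
	ini_set("memory_limit","128M");
	ini_set("upload_max_filesize","100M");

	// restore session
	// The caller-supplied 'save_session' value is copied into $_GET['expid'] before exponent.php
	// is included; presumably the framework uses 'expid' to resume a session for upload clients
	// that do not send cookies - confirm against exponent.php.
	// NOTE(review): a session identifier carried in a request parameter can end up in access logs
	// and Referer headers, and lets the caller choose which session is resumed. Confirm that the
	// framework validates 'expid' and that this endpoint is only served over HTTPS. No anti-CSRF
	// token is checked anywhere in this script.
	if (isset($_REQUEST['save_session']))
	{
		$_POST['collection_id'] = isset($_REQUEST['collection_id']) ? $_REQUEST['collection_id'] : null;
		$_GET['expid']=$_REQUEST['save_session'];
	}

	include_once('../../../exponent.php');
	if (!defined('SYS_FILES')) require_once(BASE.'subsystems/files.php');

	// Jul 4, 2011 - trungdt - Change this line, support file upload by user
	if (filemanagermodule::_CanUpload()) {
		$upload = isset($_FILES['Filedata']) ? $_FILES['Filedata'] : null;

		// The client controls the reported file name. Keep only its final path component and drop
		// NUL bytes before it becomes part of a server-side file name or of any output.
		$client_name = '';
		if ($upload !== null) {
			$client_name = basename(str_replace('\\', '/', str_replace("\0", '', (string)$upload['name'])));
		}

		// virus scan
		// Runs only after the permission check, so requests that are not allowed to upload cannot
		// make the server scan arbitrary payloads.
		// NOTE(review): _ab_clamdscanvirus() is defined outside this file; confirm what it returns
		// when the scanner is unreachable, so that a scanner outage does not silently let files through.
		if ($upload !== null && _ab_clamdscanvirus($upload['tmp_name']))
		{
			// virus found
			// The file name is echoed back to the client, so it is HTML-escaped first.
			$safe_name = htmlspecialchars($client_name, ENT_QUOTES, 'UTF-8');
			die ("-1 File {$safe_name} is infected by virus. {$safe_name} had been removed.");
		}

		// Resolve the target collection. The id is read from the same superglobal that is tested
		// with isset() and forced to an integer before it is placed in the WHERE clause.
		$collection = null;
		if (isset($_REQUEST['collection_id'])) {
			$collection = $db->selectObject('file_collection','id='.intval($_REQUEST['collection_id']));
		}
		if (!is_object($collection)) {
			// No collection requested, or the requested id does not exist: use the placeholder.
			// (Assigning properties to null, as before, is an error on current PHP versions.)
			$collection = new stdClass();
			$collection->id = 0;
			$collection->name = 'Uncategorized Files';
			$collection->description = 'Theses files have not been categorized yet,';
		}
		// Return value is not used below; the call is kept in case it has side effects - TODO confirm.
		$loc = filemanagermodule::_GetLoc();
		// immanuel addd
		// NOTE(review): the collection name from the database becomes a directory name as-is.
		// Confirm that collection names are validated when they are created (no "..", no path
		// separators), otherwise uploads could be written outside files/.
		if ($collection->id > 0)
			$directory="files/" . $collection->name;
		else
			$directory="files/";
		if (!file_exists(BASE.$directory)) {
			$err = exponent_files_makeDirectory($directory);
			if ($err != SYS_FILES_SUCCESS) {
				die ("-1 Could not create new directory to save your file. Please contact Administrator.");
			}
		}
		//

		// PERM CHECK
		// NOTE(review): nothing in this script restricts the file type. If files/ is served by the
		// web server with script execution enabled, an uploaded script could be executed. Confirm
		// that file::update() enforces an extension allow-list or that execution is disabled there.
		$file = null;
		if ($upload !== null) {
			$file = file::update('Filedata',$directory,null,time()."_".$client_name);
		}
		if (is_object($file)) {
			// Properties are set only once file::update() is known to have returned an object;
			// setting them before this check fails when it returns a non-object instead.
			// Display name as reported by the client; must be escaped wherever it is rendered.
			$file->name = $client_name;
			// Uploads from users without approval rights stay unapproved until an admin confirms them.
			$file->approved = filemanagermodule::_CanApprove() ? 1 : 0;
			// Immanuel192 fix this error: Because We don't want field Name of file here, so we set it to null value; on 7/22/2009
			//$file->name = $_POST['name'];
			// Always record the id of the collection that was actually looked up, so the database
			// row matches the directory the file was stored in and no raw request value is inserted.
			$file->collection_id = intval($collection->id);
			$file_id = $db->insertObject($file,'file');
			if (!isset($_REQUEST['save_session']))
				header('Location: '.URL_FULL.'modules/filemanagermodule/actions/picker.php?id='.$collection->id.'&highlight_file='.$file_id);
			else
				echo $file_id; // Added by Immanuel - Jul 4 2009: to support ajax upload by jquery
		} else {
			// Whatever file::update() returned instead of an object (nothing when no file was sent).
			// NOTE(review): confirm this value never contains the unescaped client file name.
			echo $file;
		}
		// END PERM CHECK
	} else {
		echo exponent_http_error(403);
	}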
?>
